As telecommunication technology has progressed, though on one hand it has proved immensely beneficial for all, on other hand it has given rise to various types of fraud being perpetrated in these telecommunication networks. One such fraud is called termination bypass fraud where fraudsters change the termination leg of a call (mobile call or landline call) to avoid paying termination charges to a terminating operator for this terminated call. These calls can be international or national calls that are terminated at the terminating operator.
Typically, termination bypass works by replacing the terminating call in the transit path of the call, by an originating call through using another line, thus exploiting the cost arbitrage between a termination fee of terminating operator and an originating fee of the bypass line levied by the line operator. Typically, this bypass is done using a local line although international line is also possible if the bypass fraudster commits fraud on the international line. Generally, bypass fraudsters use a GSM SIM box to generate a local GSM originating call, although such local call be also be generated by a fixed line phone, or a CDMA phone. Moreover, these by-passers can operate either On-net or Off-net. In case of on-net bypass, the bypass line used is the same as the terminating operator of the call, while in case of off-net bypass, the bypass line used is not the same.
One or more techniques have been devised for dealing with such bypass fraud. One such method is referred as Fraud Management System (FMS) where it detects SIM box for GSM mobile operators based on Call Detail Records (CDR) analysis. This primarily operates by looking at patterns of usage on SIMs. For example, when too many mobile originated calls are being made with no mobile terminated calls, then presence of SIM box can be detected. However, this pattern analysis is not done in real time. Also, the bypass fraudsters can fake usages to fool the FMS. Hence, the FMS method can either have a lot of false positives if it is too loose in its implementation logic or can have too few bypass detections if too strict in its implementation logic. In addition, the FMS method cannot detect off-net bypass fraudsters. Furthermore, FMS does not perform immediate fraudster prevention. Moreover, FMS cannot prevent the bypass fraudsters from moving off-net, which makes it effectively useless in eliminate termination bypass fraud, as off-net fraud, though less lucrative, can still keep the fraud business running.
Another technique to deal with bypass fraudsters is call generation based bypass detection. This is also called as classical call generation based bypass detection method. This method requires deploying detection modules in both terminating country and originating country and then track the international call being made from the originating country to the terminating country to detect bypasses. However, it has an implementation limitation of deploying boxes around the world in multiple networks. Like FMS, it does not perform immediate fraudster prevention. Moreover, it cannot prevent the bypass fraudsters from moving off-net, which makes it effectively useless in eliminate termination bypass fraud, as off-net fraud, though less lucrative, can still keep the fraud business running.
In yet another solution, in one of the previous patents from inventors of a referenced application, a solution has been provided for developing a “A single operator and network side solution for inbound and outbound roaming tests and discoveries of roaming partner services and fraud without involving remote probes or real roamer traffic”. This solution is hereinafter, referred to as “Predictive Intelligence” or “PI”.
The limitation of call generation based bypass detection methods today is that because they involve only test calls with test numbers, smart bypass fraudsters can examine the patterns of these test numbers and decide to blacklist them for future bypasses. Some of the patterns on these test numbers are either they are called too many times or they are not answered many times etc. As a result, the call generation methods lose their effectiveness in bypass detection. Even though more test numbers can be introduced, the same issue of getting detected by the bypass fraudster will rise again. Besides the fact that the test numbers are limited and each time they are used, it involves more work from the operators of these numbers, thereby creating a non-scalable solution.
While the bypass fraud detection capabilities introduced in earlier PI patent for enhancing the state of the art are clearly demonstrated in that patent, there is still further a need to apply bypass detection in a stealth manner to make it difficult for fraudsters to detect that they are being tested. In particular, test numbers used by PI for calls can be easily detected by bypassers unless it keeps changing all the time, which makes it less robust. Also the previous PI only covers call origination from mobile networks via roaming partners of a home operator network. Although these originations often share transit and termination routes with non mobile originated calls, but there are still many routes not shared. Hence it can still fail to detect termination bypass lines on those non-shared routes. Furthermore, the previous PI method does not immediately terminate a bypass line once detected. As soon as a bypass line goes off-net, the previous PI while able to detect but unable to prevent again.
In accordance with the foregoing, there is a need in the art of a system, a method, and a computer product for providing an operator based and network based solution that gives the operator intelligence to deal with above mentioned problems.
In this document, we will mix the use of termination bypass fraud and SIM box fraud to simplify description although it should be understood that termination bypass is more generic than the SIM box fraud and the described solution on SIM box fraud can be equally applied to termination bypass fraud in general.